This is what I get from wireshark. How do we check the packet numbers where IP is getting resolved.
read the references carefully.
Just figured out that the protocol should be DNS, but as you can see in the screenshot there’s none.
ok,carefully catch the packet using tcpdump.
Hey you have to fillter DNS packet in the wireshark.
DNS translates domain names to IP addresses, so browsers can load Internet resources.
You can go through this below link, as to understand how to filter out DNS packets in wireshark
Hope this solved your issue
Can you try changing value of -i flag to any for tcpdump command while capturing the packets? Please check if that helps capturing the packet you are looking for.
it seems that you have not captured the packet for ip resolved
capture the packets with tcpdump using filters
i would suggest to filter the packets based on the ports
Thanks all, seems like there was some issue with that pcap. I captured again in a new pcap and I got the required name resolution.
Hey can anyone tell me how to get the packet number ?Is it the Leftmost column in the Wireshark ?
I wrote all the dns captures in a pcap file and opened it in wireshark.
Yes @srinjoy, it is.
could you please specify which port should be captured.Because when I capture at 8081 nothing is captured.
Standard query response No such name SOA ns1.google.com
Am i doing something wrong?
You have to find the ip where google.com is changed
Hint it start with 172
meaning? ip is changed? i really dont understand what you are telling me
Where name google.com is changed you will find it in last column of wireshark
Every site have ip address and dns … Just google about it… You will get an idea
Found it. Thanks!! I am getting those type of responses only twice or thrice in my entire .pcap file. Is it fine or should i do something?
Next time do google search please